The CVS loader creates files on the local file system based on
paths which were read from a local copy of a CVS repository or
sent by a CVS server as part of its "cvs rlog" response.
Ensure that such paths will not be able to escape the temporary
directory which stores checked out versions of files.